1. When we would use server1 for those files (file server), server2 for mysql database (database server). To ensure that websites in server1 to accessibility database in server2, is not it required to connect with to ip of second (mysql server) ?

Within this situation, is remote mysql connection.

However, I seen from many people discuss the safety problem.

remote use of MySQL is not so secure. Whenever your remote computer first connects for your MySQL database, the password is encoded prior to being sent on the internet. But next, all information is passed as unencrypted "plain text". If a person could view your connection data (like a "hacker" taking data from an unencrypted Wi-fi compatability connection you are using), that individual would have the ability to view part or all your database.

And So I just wondering methods to secure it?

  1. Allow remote mysql access from server1 by permitting the static ip adress
  2. allow remote access from server 1 by setting port permitted for connecting to 3306
  3. change 3306 with other port?

Any advice?

  • Lock lower use of specific user(s) from specific Insolvency practitioners.
  • Make use of a non-public network for that inter-server communication.
  • If relevant, lock lower use of whatever MySQL port you choose around the OS level.
  • If you think it's relevant, alter the default port (though this makes knock-on configuration for a number of things).

1) Connect with MySQL over SSL. This can safeguard your username/password in addition to data that's being moved. An alternative choice would be to use a vpn what's best suited for those who have multiple machines or daemons that should be shared.

2)Do not let remote root logins. At the minimum disable the "root" account becuase this is actually the first factor an assailant will try to brute pressure.

3)Restrict ip addresses from the user accounts you're using.

4) Remove file_priv all accounts. If granted this can allow an assailant to read files around the server hosting mysql.